WO2019095196A1 - Access control method, apparatus and communication system - Google Patents

Abstract

An access control method, an apparatus, and a communication system. The access control method comprises: determining, on the basis of a mapping relationship between an access attempt and an access class, an access class corresponding to an access attempt; performing an access barring check on the basis of the access class, so as to determine whether an access corresponding to the access class is barred; and transmitting, when it is determined that the access is permitted, a connection establishment request message or a connection recovery request message to a network device. Thus, an access class can be determined even in different scenarios, and a unified access control mechanism can be implemented in a simple and efficient manner.

Description

Access control method, device and communication system Technical field

The embodiments of the present invention relate to the field of communications technologies, and in particular, to an access control method, apparatus, and communication system.

Background technique

In the Long Term Evolution (LTE) system, for example, the following access control technologies exist:

Access Class Barring (ACB), which is based on the type of access attempt (such as terminal-initiated data or terminal-initiated signaling) and the access level to which the user equipment (UE, User Equipment) belongs (AC, Access). Class) access prohibition mechanism;

Access Control Barring-skip (ACB-skip), which allows high priority of MMTEL (Multi-Media Telephony) voice/video and Short Message Service (SMS);

Service Specific Access Control (SSAC), which is an access prohibition mechanism for sessions initiated by MMTEL voice/video;

Extended Access Barring (EAB), such as machine type communication (MTC, Machine Type Communications) specific access barring mechanism;

AB for NB-IoT, the NNB-NoT (Narrow-Band Internet of Things) specific access barring mechanism;

Application Specific Congestion Control for Data Communication (ACDC) is an access prohibition mechanism for a specific application determined by an operator within the UE.

In addition, the access request rejection method can also be used for access control. For example, after the random access process is complete, the user equipment may send a radio resource control (RRC) connection establishment request or a connection recovery request to the network side, where the establishment cause value is carried; and based on the establishment cause value, the network side It may be decided whether to accept the request; if the network side accepts the request, it may send an RRC Connection Setup message or an RRC Connection Recovery message, otherwise reply to the RRC Connection Reject message. By accepting or rejecting the connection establishment request or the connection recovery request, the network side can control the congestion situation.

It should be noted that the above description of the technical background is only for the purpose of facilitating a clear and complete description of the technical solutions of the present invention, and is convenient for understanding by those skilled in the art. Can't just because these programs are in the hair The background of the prior art is set forth and it is believed that the above-described technical solutions are well known to those skilled in the art.

Summary of the invention

The inventors have found that in the fifth generation (5G), for example, the New Radio (NR) system, it is necessary to provide a unified access control (UAC) mechanism. However, there is currently no solution on how to determine the access level.

The embodiment of the invention provides an access control method, device and communication system. The access level corresponding to the initiated access attempt (eg, each new access attempt) is determined based on the mapping of the access attempt to the access level.

According to a first aspect of the embodiments of the present invention, an access control method is provided, including:

Determining an access level corresponding to the access attempt based on a mapping relationship between the access attempt and the access level;

Performing an access barring check based on the access level to determine whether access corresponding to the access level is prohibited;

In the case where it is determined that the access is allowed, a connection establishment request message or a connection recovery request message is transmitted to the network device.

According to a second aspect of the embodiments of the present invention, an access control apparatus is provided, including:

An access level determining unit, which determines an access level corresponding to the access attempt based on a mapping relationship between the access attempt and the access level;

An access prohibition checking unit that performs an access barring check based on the access level to determine whether access corresponding to the access level is prohibited;

A request sending unit that transmits a connection establishment request message or a connection recovery request message to the network device in a case where it is determined that the access is permitted.

According to a third aspect of the embodiments of the present invention, an access control method is provided, including:

Transmitting, to the user equipment, configuration information for configuring a mapping relationship between the access attempt and the access level, so that the user equipment determines, according to the mapping relationship between the access attempt and the access level, an access level corresponding to the access attempt;

Receiving a connection establishment request message or a connection recovery request message sent by the device;

Determining whether to allow a connection establishment request or a connection recovery request of the user equipment.

According to a fourth aspect of the embodiments of the present invention, an access control apparatus is provided, including:

And a configuration sending unit, configured to send, to the user equipment, configuration information for configuring a mapping relationship between the access attempt and the access level, so that the user equipment determines the access attempt according to the mapping relationship between the access attempt and the access level. Corresponding access level;

a request receiving unit that receives a connection establishment request message or a connection recovery request message sent by the device;

A connection determining unit that determines whether to allow a connection establishment request or a connection recovery request of the user equipment.

According to a fifth aspect of the embodiments of the present invention, a communication system is provided, including:

a network device comprising the access control device of the fourth aspect above;

User equipment comprising the access control device of the second aspect above.

The benefit of the embodiment of the present invention is: determining an access level corresponding to the initiated access attempt based on the mapping relationship between the access attempt and the access level; thereby, the access level can be determined even in different scenarios. A unified access control mechanism is implemented in a simple and efficient manner.

Specific embodiments of the present invention are disclosed in detail with reference to the following description and the drawings, in which <RTIgt; It should be understood that the embodiments of the invention are not limited in scope. The embodiments of the present invention include many variations, modifications, and equivalents within the scope of the appended claims.

Features described and/or illustrated with respect to one embodiment may be used in one or more other embodiments in the same or similar manner, in combination with, or in place of, features in other embodiments. .

It should be emphasized that the term "comprising" or "comprises" or "comprising" or "comprising" or "comprising" or "comprising" or "comprises"

DRAWINGS

Elements and features described in one of the figures or one embodiment of the embodiments of the invention may be combined with elements and features illustrated in one or more other figures or embodiments. In the accompanying drawings, like reference numerals refer to the

1 is a schematic diagram of a communication system according to an embodiment of the present invention;

2 is a schematic diagram of an access control method according to an embodiment of the present invention;

3 is another schematic diagram of an access control method according to an embodiment of the present invention;

4 is another schematic diagram of an access control method according to an embodiment of the present invention;

FIG. 5 is a schematic diagram of an access control apparatus according to an embodiment of the present invention; FIG.

6 is another schematic diagram of an access control apparatus according to an embodiment of the present invention;

7 is a schematic diagram of a network device according to an embodiment of the present invention;

FIG. 8 is a schematic diagram of a user equipment according to an embodiment of the present invention.

Detailed ways

The foregoing and other features of the present invention will be apparent from the The specific embodiments of the present invention are disclosed in the specification and the drawings, which are illustrated in the embodiment of the invention The invention includes all modifications, variations and equivalents falling within the scope of the appended claims.

In the embodiment of the present invention, the terms "first", "second", etc. are used to distinguish different elements from the title, but do not indicate the spatial arrangement or chronological order of the elements, and these elements should not be used by these terms. Limited. The term "and/or" includes any and all combinations of one or more of the associated listed terms. The terms "comprising," "comprising," "having," or "an"

In the embodiments of the present invention, the singular forms "a", "the", "the", "the" and "the" It is to be understood that the singular In addition, the term "subject" should be understood to mean "based at least in part", and the term "based on" should be understood to mean "based at least in part on" unless the context clearly indicates otherwise.

In the embodiment of the present invention, the term "communication network" or "wireless communication network" may refer to a network that conforms to any communication standard such as Long Term Evolution (LTE), Enhanced Long Term Evolution (LTE-A, LTE- Advanced), Wideband Code Division Multiple Access (WCDMA), High-Speed Packet Access (HSPA), and the like.

Moreover, the communication between devices in the communication system may be performed according to any phase of the communication protocol, and may include, for example but not limited to, the following communication protocols: 1G (generation), 2G, 2.5G, 2.75G, 3G, 4G, 4.5G, and future. 5G, New Radio (NR), etc., and/or other communication protocols currently known or to be developed in the future.

In the embodiment of the present invention, the term "network device" refers to, for example, a device in a communication system that accesses a terminal device to a communication network and provides a service for the terminal device. The network device may include but is not limited to the following devices: a base station (BS, Base Station), an access point (AP, Access Point), a transmission and reception point (TRP, Transmission) Reception Point), Broadcast Transmitter, Mobile Management Entity (MME, Mobile Management Entity), Gateway, Server, Radio Network Controller (RNC), Base Station Controller (BSC), etc.

The base station may include, but is not limited to, a Node B (NodeB or NB), an evolved Node B (eNodeB or eNB), and a 5G base station (gNB), and the like, and may further include a Remote Radio Head (RRH). , Remote Radio Unit (RRU), relay or low power node (eg femto, pico, etc.). And the term "base station" may include some or all of their functions, and each base station may provide communication coverage for a particular geographic area. The term "cell" can refer to a base station and/or its coverage area, depending on the context in which the term is used.

In the embodiment of the present invention, the term "user equipment" (UE) or "Terminal Equipment" (TE) refers to, for example, a device that accesses a communication network through a network device and receives a network service. The user equipment may be fixed or mobile, and may also be referred to as a mobile station (MS, Mobile Station), a terminal, a subscriber station (SS, Subscriber Station), an access terminal (AT, Access Terminal), a station, and the like.

The user equipment may include, but is not limited to, a cellular phone (Cellular Phone), a personal digital assistant (PDA, Personal Digital Assistant), a wireless modem, a wireless communication device, a handheld device, a machine type communication device, a laptop computer, Cordless phones, smart phones, smart watches, digital cameras, and more.

For example, in a scenario such as the Internet of Things (IoT), the user equipment may also be a machine or device that performs monitoring or measurement, and may include, but is not limited to, a Machine Type Communication (MTC) terminal, In-vehicle communication terminal, device to device (D2D, Device to Device) terminal, machine to machine (M2M, Machine to Machine) terminal, and the like.

Further, the term "network side" or "network device side" refers to one side of the network, which may be a certain base station, and may also include one or more network devices as above. The term "user side" or "user equipment side" refers to one side of the user, may be a certain UE, or may include one or more user equipments as above.

The scenario of the embodiment of the present invention is described below by way of example, but the present invention is not limited thereto.

FIG. 1 is a schematic diagram of a communication system according to an embodiment of the present invention. The user equipment and the network device are taken as an example. As shown in FIG. 1, the communication system 100 may include a network device 101 and a user equipment 102. For the sake of simplicity, FIG. 1 is only described by taking one user equipment and one network equipment as an example, but the embodiment of the present invention Not limited to this.

In the embodiment of the present invention, an existing service or a service that can be implemented in the future can be performed between the network device 101 and the user equipment 102. For example, these services may include, but are not limited to, enhanced mobile broadband (eMBB), massive machine type communication (mMTC), and high reliability low latency communication (URLLC, Ultra-Reliable and Low). -Latency Communication), and so on.

Providing a unified access control mechanism in the NR system includes, for example, each access attempt can be classified into an access category (AC, access category); the network side can broadcast access control information; based on an access attempt The access control information of the corresponding access level, the user equipment checks whether an actual access attempt is made.

For example, the access level may include features that support scalability, allow for the addition of additional standardized access levels (eg, AC 0 to AC 30), and operators' definitions using their own policies (eg, applications, network slices, etc.). Incoming level (for example, AC 31 to AC 63); the access levels are mutually exclusive as much as possible, for example, the user equipment related situation and the access attempt type may be used to jointly define the access level; the user equipment does not necessarily have to support the NR in the LTE carrier frequency band. Simultaneous connection of LTE.

For example, a unified access control mechanism can be applied to an evolved Universal Mobile Telecommunications System (UMTS, Evolved UMTS Terrestrial Radio Access) or NR access to a 5G core network. User equipment. In addition, the mechanism can also be applied to the case when a user equipment in an idle state, an inactive state, or a connected state initiates a new access attempt (eg, a new session request).

The embodiment of the present invention will be described below by taking the NR system as an example; however, the present invention is not limited thereto, and can be applied to any system in which similar problems exist.

Example 1

The embodiment of the invention provides an access control method, which is described from the user equipment side.

FIG. 2 is a schematic diagram of an access control method according to an embodiment of the present invention, showing a situation on the user equipment side. As shown in FIG. 2, the access control method 200 includes:

Step 201: The user equipment determines, according to the mapping relationship between the access attempt and the access level, the access level corresponding to the access attempt.

Step 202: The user equipment performs an access prohibition check based on the access level to determine the access level. Whether the corresponding access is prohibited; and

Step 203: The user equipment sends a connection establishment request message or a connection recovery request message to the network device, if it is determined that the access is allowed.

In this embodiment, the user equipment may determine a corresponding access level for each new access attempt, and may also determine a corresponding access level for a certain initiated access attempt. The mapping relationship between the access attempt and the access level may be predetermined and stored in the user equipment, for example, may be predefined by an operator or a standard, or may be configured by the base station through a configuration message (for example, an RRC message); but the present invention does not Limited to this.

FIG. 3 is another schematic diagram of an access control method according to an embodiment of the present invention, and a new access attempt is taken as an example for description. As shown in FIG. 3, the access control method 300 includes:

Step 301: The user equipment initiates a new access attempt.

Step 302: The user equipment determines, according to the mapping relationship between the access attempt and the access level, the access level corresponding to the access attempt.

Step 303: The user equipment determines, according to a mapping relationship between the access attempt and the establishment cause value or a mapping relationship between the access level and the establishment cause value, the establishment cause value corresponding to the access attempt.

Step 304: The user equipment performs an access barring check based on the access level to determine whether access corresponding to the access level is prohibited; and determining that the access is not prohibited (ie, the access is allowed) In case, step 305 is performed, otherwise step 306 is performed;

Step 305: The user equipment sends a connection establishment request message or a connection recovery request message including an access level and/or a establishment cause value to the network device.

Step 306: The user equipment does not send a connection establishment request message or a connection recovery request message to the network device.

In this embodiment, the mapping relationship between the access attempt and the establishment cause value or the mapping relationship between the access level and the establishment cause value may be predetermined and stored in the user equipment, for example, may be predefined by an operator or a standard, or may be The configuration is performed by the base station through a configuration message (for example, an RRC message); however, the present invention is not limited thereto.

In this embodiment, the access level may be pre-defined with a plurality of, for example, AC 0 to AC 30 including standardized definitions and AC 31 to AC 63 defined by the operator. The multiple access levels may correspond to one establishment cause value, for example, AC 0 to AC 3 correspond to cause value 1, AC 4 to AC 10 correspond to cause value 2, . However, the present invention is not limited thereto, and an access level and a cause value may be defined according to actual needs.

In this embodiment, the user equipment may include the access level in the connection establishment request message or the connection recovery request message according to an indication of the network device or based on a condition of the network device configuration; or The establishment cause value is included in the connection establishment request message or the connection recovery request message.

For example, the network side may configure the parameter useAccessCate, and if the parameter is set to True, the access level may be included in the connection establishment request message or the connection recovery request message; thereby the base station can obtain more accurate information. In the case where the parameter is not set to True, for example, the parameter is set to false, the establishment cause value may be included in the connection establishment request message or the connection recovery request message; thereby, message resources may be saved.

Alternatively, the network side may configure the threshold TH, where the establishment cause value may be included in the connection establishment request message or the connection recovery request if the number of resources (for example, the number of bits) required to indicate the access level is greater than the threshold. In the message; in the case that the number of resources (for example, the number of bits) required to indicate the access level is less than or equal to the threshold, the access level may be included in the connection establishment request message or the connection recovery request message.

It is to be noted that the above embodiments 2 and 3 only schematically illustrate the embodiments of the present invention, but the present invention is not limited thereto. For example, the order of execution between the various steps can be appropriately adjusted, and other steps can be added or some of the steps can be reduced. Those skilled in the art can appropriately adapt according to the above, and are not limited to the descriptions of FIGS. 2 and 3 described above.

In one embodiment, the access level and/or the establishment cause value may be determined in a non-access stratum (NAS, Non Access Stratum).

One or more of the mapping relationship between the access attempt and the access level, the mapping relationship between the access attempt and the establishment cause value, and the mapping relationship between the access level and the establishment cause value may be Defining the user equipment at the NAS layer or by the network device through the NAS layer signaling; the NAS layer may indicate or deliver the determined access level and/or the establishment cause value to the RRC layer; and the RRC layer performs The access prohibition check.

For example, any entity or layer that initiates an access attempt provides information related to the access attempt to the NAS layer; the RRC layer may provide parameters related to the determined access level from the access control information received from the network side to the NAS, for example The UE level to which AC2 applies.

For another example, the mapping relationship between the access attempt and the access level may be defined in the NAS layer protocol, and/or the mapping relationship or access level between the access attempt and the establishment cause value may be defined in the NAS layer protocol. Establish a mapping relationship between cause values.

For another example, in the case where the RRC layer performs an access barring check, the NAS layer may inform the RRC layer of the determined access level and/or establishment cause value. In this way, the RRC layer can be based on the access level received from the NAS layer and The access control information received from the network side performs an access prohibition check to determine whether the access corresponding to the access level is prohibited; if it is determined that the access is not prohibited (ie, the access is allowed), the UE The access level or the establishment cause value received from the NAS layer may be included in the request message, so that the network side determines whether to accept the connection establishment request or the connection recovery request based on the access level or the establishment cause value.

In another embodiment, the access level and/or the establishment cause value may be determined in an RRC layer. One or more of the mapping relationship between the access attempt and the access level, the mapping relationship between the access attempt and the establishment cause value, and the mapping relationship between the access level and the establishment cause value may be The user equipment is defined at the RRC layer or may also be notified by the network device through the RRC layer signaling; the NAS layer may provide a parameter for determining the access level to the RRC layer; and the RRC layer performs the access prohibition check.

For example, any entity or layer that initiates an access attempt may provide information related to the access attempt to the RRC layer; the NAS layer provides the RRC with parameters required to determine the access level, such as Public Land Mobile Network (PLMN). Information, slice and/or UE level in AC2.

For example, the mapping relationship between the access attempt and the access level may be defined in the RRC layer protocol, and/or the mapping relationship between the access attempt and the establishment cause value or the access level may be defined in the RRC layer protocol. Establish a mapping relationship between cause values.

For another example, in the case where the RRC layer performs an access barring check, the RRC layer is based on information received from any entity or layer that may initiate an access attempt, information received from the NAS layer, and information received from the network side. Mapping an access attempt to a corresponding access level, and determining a cause value based on the access attempt/access level; the RRC layer may perform an access barring check based on the access control information received from the network side to determine the Whether the access corresponding to the access level is prohibited; if it is determined that the access is not prohibited (ie, the access is allowed), the UE may include the access level or the establishment cause value in the request message, so that the network side is based on the The access level or establishment cause value determines whether to accept the connection establishment request or the connection recovery request.

The NAS layer centralized mapping method or the RRC layer centralized mapping method described above can easily determine a unique access level, and can implement a unified access control mechanism more efficiently.

In yet another embodiment, the access level and/or the establishment cause value may be determined in a plurality of different layers. One or more of the mapping relationship between the access attempt and the access level, the mapping relationship between the access attempt and the establishment cause value, and the mapping relationship between the access level and the establishment cause value may be Defined in the layer that initiated the access attempt or in the layer determined according to the RRC state.

For example, determining the access or the like in a layer initiating the access attempt or in a layer determined according to an RRC state Level, and/or determining the establishment cause value in a layer determining the access level or the layer determined according to an RRC state.

For another example, the layer that initiates the access attempt may include, for example, one or more layers, and/or one or more entities: an application layer, an Internet Protocol (IP) layer, a NAS layer, and an RRC. Layer or user plane; the layer determined according to the RRC state may include, for example, one or more layers, and/or one or more entities: the NAS layer when the user equipment is in the idle state, and the user equipment is in the deactivated state The user plane when the RRC layer and the user equipment are in the connected state. However, the present invention is not limited thereto, and a specific embodiment may be determined according to actual needs.

In this embodiment, in a case where the plurality of different layers determine a plurality of different access levels, one access level may be selected from the plurality of different access levels by the NAS layer or the RRC layer. Thereby, a unique access level can be determined for the next access barring check.

For example, it can be implemented in the NAS layer; the ranking of the AC can be pre-defined, for example, selecting the AC with the highest rank or lowest rank.

For example, it can be implemented in the RRC layer; the principle of determining a unique access level can be specified in the RRC protocol, and the principle can also be configured by the network side. The principles may be common to all user devices or may be specific to certain user devices.

These principles may include: AC ranking and how to make a selection, such as selecting the highest or lowest level of access level; the priority principle, that is, selecting a certain type of AC at different times or in different RRC states. For example, in the case where a standardized access level and an operator-defined access level are simultaneously determined, an operator-defined access level is used. However, the present invention is not limited thereto, and may be, for example, a combination of the above principles, and a specific embodiment may be determined according to actual needs.

Through the distributed mapping method described above, inter-layer interaction can be performed as little as possible, a unique access level can be determined from multiple access levels, and a unified access control mechanism can be further simply implemented.

In yet another embodiment, the user equipment can process one or more timers for access control; wherein each timer corresponds to one or a group or all access levels. The timer may be configured by the RRC layer or the NAS layer, and/or the timer may also be maintained by the RRC layer or the NAS layer; however, the present invention is not limited thereto.

The following four timers will be described as an example. However, the present invention is not limited thereto. For example, only one or more of the timers may be defined, and other timers may be defined.

For example, the timer may include a user equipment specific disable timer T _{ue — barred} . The network side can send configuration information, configure the timer for the UE, and the AC to which the timer applies. When an access level is applied to (eg, defined or configured) the T _{ue_barred} and the access prohibition check according to the access level results in the access corresponding to the access level being prohibited, Initiating the T _{ue_barred} ; and in the case that the T _{ue_barred is} running, performing an access barring check on all or specified or configured access levels of the user equipment, and determining (or considering) the access The access attempt or access corresponding to the level is forbidden.

For example, the UE determines that the access level of an access attempt is AC 8 and AC 48 respectively; the T _{ue_barred is} configured in the access control information configured on the network side, and indicates that the timer is applicable to all access levels. In this way, the UE may perform an access prohibition check according to the AC 8 or the AC 48 based on the UE implementation or the network side indication; if the result is that the access is prohibited, the access prohibition check is not performed based on the AC 48 or the AC 8, and the T is started. _{Ue_barred} ; If the result is to allow access, the UE also needs to perform an access barring check based on AC 48 or AC 8.

Thus, by using the timer T _{ue_barred} , it is possible to control how the user equipment that determines the plurality of access levels performs the access prohibition check. This timer can be applied to situations where network congestion is very severe. In this case, a smaller number of access barring checks can be made to prevent more user equipment from being barred, so as to quickly alleviate network congestion.

As another example, the timer can include a user equipment specific allowed timer T _{ue — allowed} . The network side can send configuration information, configure the timer for the UE, and the AC to which the timer applies. When an access level is applicable to (eg, defined or configured) the T _{ue_allowed} , and the access prohibition check according to the access level results in that the access corresponding to the access level is allowed, Initiating the T _{ue_allowed} ; and in the case that the T _{ue_allowed is} running, performing the access prohibition check on all or specified or configured access levels of the user equipment, and determining (or considering) the Access attempts or accesses corresponding to the access level are allowed.

For example, the UE determines that the access level of an access attempt is AC 8 and AC 48 respectively; the T _{ue_allowed is} configured in the access control information configured on the network side, and indicates that the timer is applicable to all access levels. In this way, the UE may perform an access prohibition check according to the AC 8 or the AC 48 based on the UE implementation or the network side indication; if the result is to allow access, the access prohibition check is not performed based on the AC 48 or the AC 8, and the T is started. _{Ue_allowed} ; If the result is to prohibit access, the UE also needs to perform an access barring check based on AC 48 or AC 8.

Thus, by using the timer T _{ue_allowed} , it is possible to control how the user equipments that determine the plurality of access levels perform the access prohibition check. This timer can be applied to situations where network congestion is relatively light, in which case more user equipment can be allowed to access with a smaller number of access barring checks.

As another example, the timer may include an access level (group) specific disable timer T _{ac — barred} . The network side can send configuration information to configure the timer for a certain group or group of access levels. When an access level is applied to (eg, defined or configured) the T _{ac_barred} and the access prohibition check according to the access level results in the access corresponding to the access level being prohibited, Initiating the T _{ac_barred} ; and in the case that the T _{ac_barred is} running, performing the access prohibition check on the access level or the access level group, and determining (or considering) the access level or The access attempt or access corresponding to the access level group is prohibited.

For example, the UE determines that the access level of an access attempt is AC 8 and AC 48 respectively; the T _{ac_barred is} configured in the access control information configured on the network side, and indicates that the timer is applicable to the AC 8. In this way, the UE may perform an access prohibition check according to the AC 8 or the AC 48 based on the UE implementation or the network side indication. If the UE determines to perform the access prohibition check based on the AC 8 and the check result is forbidden, the UE is not based on the AC 48. The access prohibition check is performed, and the timer T _{ac_barred is started} ; if the result is that access is allowed, the UE also needs to perform an access prohibition check based on the AC 48.

Thus, by using the timer T _{ac — barred} , it is possible to control how the user equipment that determines the plurality of access levels performs the access prohibition check. The timer can be applied to a case where the network congestion is medium but some of the UEs or services have a low priority or a large number of users. In this case, a smaller number of access prohibition checks can be made to cause more corresponding levels of user equipment. Access is forbidden.

As another example, the timer may include an access level (group) specific allowable timer T _{ac — allowed} . The network side can send configuration information to configure the timer for a certain group or group of access levels. When an access level is applicable to (eg, defined or configured) the T _{ac_allowed} and the access prohibition check according to the access level results in that the access corresponding to the access level is allowed, Initiating the T _{ac_allowed} ; and in the case that the T _{ac_allowed is} running, performing the access prohibition check on the access level or the access level group, and determining (or considering) the access level or The access attempt or access corresponding to the access level group is allowed.

For example, the UE determines that the access level of an access attempt is AC 8 and AC 48 respectively; the T _{ac_allowed is} configured in the access control information configured on the network side, and indicates that the timer is applicable to the AC 8. In this way, the UE may perform an access prohibition check according to the AC 8 or the AC 48 based on the UE implementation or the network side indication. If the UE determines to perform the access prohibition check based on the AC 8 first, and the check result is that the access is allowed, the UE is no longer based on the AC 48. The access prohibition check is performed, and the timer T _{ac_allowed is started} ; if the result is that access is prohibited, the UE also needs to perform an access prohibition check based on the AC 48.

Thus, by using the timer T _{ac_allowed} , it is possible to control how the user equipment that determines the plurality of access levels performs the access prohibition check. The timer can be applied to a case where the network congestion is medium but some of the UEs or services have a high priority or a small number; in this case, the check can be inhibited with a smaller number of accesses to make more corresponding levels of user equipment. Allowed access.

It is worth noting that the above timers can be used in combination with each other to handle more complex network load conditions. The following will be schematically illustrated with two examples.

In an example, for example, when the network congestion is severe, the access control information notified by the network side includes a UE-specific prohibition timer T _{ue_barred} applicable to all ACs, and an allow timer corresponding to AC 3 and AC 32. T _{ac_allowed} .

For example, the UE 1 determines that the access level is AC 3 (ie, the standardized defined emergency call) and the AC 32 (the access level corresponding to an operator-defined emergency service); according to the protocol specification/network configuration, the UE 1 first AC 3 performs an access prohibition check. If the check result is that the access is forbidden, the UE 1 does not need to perform an access prohibition check for the AC 32, directly considers that the access is prohibited, and starts the UE-specific prohibition timer T _{ue_barred} ; if the check result is allowed to access The access is allowed to be directly allowed, and the AC-specific allowable timer T _{ac_allowed is started} . Considering that the timer is applicable to the AC 32, the UE 1 does not need to perform an access prohibition check for the AC 32.

For another example, the UE 2 determines that the access level is AC 3 (ie, an emergency call defined by the standardization) and the AC 42 (an access level corresponding to a general service defined by an operator); according to the protocol/network configuration, the UE 2 first The access prohibition check is performed according to AC 3. If the check result is that the access is forbidden, the UE 2 does not need to perform an access prohibition check for the AC 42 directly, and directly considers that the access is prohibited, and starts the UE-specific prohibition timer T _{ue_barred} ; if the check result is allowed to access Directly consider that the access is allowed, and start the AC-specific allowable timer T _{ac_allowed} . Considering that the timer is not applicable to the AC 42, the UE 2 still needs to perform an access prohibition check for the AC 42; if the check result is If access is allowed, the UE 2 initiates a connection establishment procedure, otherwise the access attempt is disabled, and the UE-specific prohibition timer T _{ue_barred is started} .

In another example, the timer mechanism described above can be used to simplify inter-layer interaction in addition to processing for multiple access levels.

For example, in order to determine whether an access attempt belongs to AC 1, the following steps are required: (1) check which one or which of the AC 11 to AC 15 the access class is; (2) the NAS layer determines the selected PLMN. Whether the type is a home PLMN or a visited PLMN, and determines whether the UE has a valid UE level; (3) checking whether the flag of the valid UE level corresponding to the UE in the network configuration prohibition control information is prohibited or not. If the access attempt is non-prohibited, the access attempt belongs to AC 1, otherwise the access attempt does not belong to AC 1, and the UE also needs to determine other access levels other than AC 1 for the access attempt.

In order to simplify the above process, the above timer can be used to achieve the same effect.

For example, the network configures a UE-specific allowed timer T _{ue_allowed} for AC 1 , which is applicable to all ACs. The UE determines, by the above steps (1) and (2), that it has a valid high UE level (for example, one or some of AC 11 to AC 15), that is, determines that one access level of the UE is AC 1; Another one or more access levels are also determined for the UE, for example, any other access level than AC 0, AC 1 and AC 2.

In this way, the UE performs the access prohibition check according to the AC 1, and if the result is that the access is allowed, the UE directly considers that the connection establishment process is allowed to be initiated; otherwise, if the check result is that the access is prohibited, the UE further performs the access level based on the determined access level. Access prohibition check.

It is to be noted that AC 1 is taken as an example above, but the present invention is not limited thereto; for example, it is also applicable to the case of determining whether an access attempt belongs to AC 2.

Therefore, the network side can handle different congestion situations through a simple timer configuration. The terminal side can reduce the number of access prohibition checks by using simple timer processing, reduce energy consumption, and reduce the delay of initiating connection establishment.

In addition, the configuration mechanism of the foregoing timer may be used alone or in combination with the centralized mapping method or the distributed mapping method described above. In the case of having multiple access levels, the access prohibition check may be performed on which access level, which may be determined by the implementation of the UE, may be pre-defined in the protocol, or may be controlled by the network side. For example, the network control may be implicit. For example, according to the order of access level configuration in the access control information, the first configured access level may be checked first; the network control may also be explicit, for example, may be explicitly configured. The order in which the access levels are executed.

It is worth noting that for inactive or connected UEs, it is necessary to check in advance whether there is a running timer. The check time may be before the access level is determined, or after the access level is determined, before each access prohibition check, or other required time. For the content that is not explicitly described in the embodiments of the present invention, reference may be made to related technologies, and the present invention is not limited thereto.

It can be seen from the foregoing embodiment that it can be in different scenarios (for example, different RRC states, including idle state, non- The active state and the connected state), when the UE performs an access attempt, for example, uniquely determines an access level corresponding to the access attempt; and, in the case where the access level cannot be uniquely determined, processes the multiple access levels. Therefore, it is convenient to perform access prohibition check based on the access level, and implement a unified access control mechanism.

Example 2

The embodiment of the invention provides an access control method, which is applied to a network device side. The same content of the embodiment of the present invention and the first embodiment will not be described again.

FIG. 4 is a schematic diagram of an access control method according to an embodiment of the present invention, showing a situation on the network device side. As shown in FIG. 4, the access control method 400 includes:

Step 401: The network device sends, to the user equipment, configuration information for configuring a mapping relationship between the access attempt and the access level, so that the user equipment determines, according to the mapping relationship between the access attempt and the access level, the access attempt. Access level

Step 402: The network device receives a connection establishment request message or a connection recovery request message sent by the device, and

Step 403: The network device determines whether to allow the connection establishment request or the connection recovery request of the user equipment.

In this embodiment, the network device may further send, to the user equipment, configuration information for configuring a mapping relationship between the access attempt and the establishment cause value or a mapping relationship between the access level and the establishment cause value, so that the user equipment is based on The mapping relationship between the access attempt and the establishment cause value or the mapping relationship between the access level and the establishment cause value determines an establishment cause value corresponding to the access attempt.

In this embodiment, the network device may further send, to the user equipment, configuration information for configuring one or more timers for performing access control; wherein each timer corresponds to one or a group or all access levels. .

It should be noted that the above FIG. 4 only schematically illustrates the embodiment of the present invention, but the present invention is not limited thereto. For example, the order of execution between the various steps can be appropriately adjusted, and other steps can be added or some of the steps can be reduced. Those skilled in the art can appropriately modify the above based on the above contents, and are not limited to the above description of FIG.

It can be seen from the foregoing that, when the UE performs an access attempt in different scenarios (for example, different RRC states, including an idle state, an inactive state, and a connected state), for example, the access level corresponding to the access attempt is uniquely determined; In the case where the access level cannot be uniquely determined, multiple access levels are processed. Therefore, it is convenient to perform access prohibition check based on the access level, and implement a unified access control mechanism.

Example 3

Embodiments of the present invention provide an access control apparatus. The device may be, for example, a user device or some or some of the components or components of the user device. The same contents of the third embodiment and the first embodiment will not be described again.

FIG. 5 is a schematic diagram of an access control apparatus according to an embodiment of the present invention. As shown in FIG. 5, the access control apparatus 500 includes:

The access level determining unit 501 determines the access level corresponding to the access attempt based on the mapping relationship between the access attempt and the access level.

An access barring checking unit 502, configured to perform an access barring check based on the access level to determine whether access corresponding to the access level is prohibited;

The request transmitting unit 503, in the case of determining that the access is permitted, transmits a connection establishment request message or a connection recovery request message to the network device.

As shown in FIG. 5, the access control apparatus 500 may further include:

The cause value determining unit 504 determines the establishment cause value corresponding to the access attempt based on the mapping relationship between the access attempt and the establishment cause value or the mapping relationship between the access level and the establishment cause value.

In this embodiment, the request sending unit 503 may include the access level in the connection establishment request message or the connection recovery request message based on an indication of the network device or based on a condition of the network device configuration, or The establishment cause value is included in the connection establishment request message or the connection recovery request message.

For example, the network side may configure the parameter useAccessCate, and if the parameter is set to True, the access level may be included in the connection establishment request message or the connection recovery request message. In the case where the parameter is not set to True, for example, the parameter is set to false, the establishment cause value may be included in the connection establishment request message or the connection recovery request message.

Alternatively, the network side may configure the threshold TH, where the establishment cause value may be included in the connection establishment request message or the connection recovery request if the number of resources (for example, the number of bits) required to indicate the access level is greater than the threshold. In the message; in the case that the number of resources (for example, the number of bits) required to indicate the access level is less than or equal to the threshold, the access level may be included in the connection establishment request message or the connection recovery request message.

In an embodiment, the access level and/or the establishment cause value may be determined in a non-access stratum (NAS, Non Access Stratum); wherein, the mapping of the access attempt to an access level, Said connection One or more of the mapping relationship between the attempt and the establishment cause value, the mapping relationship between the access level and the establishment cause value may be defined in the non-access stratum, or may also pass through the NAS layer by the network device. Signaling to the user equipment. And the non-access stratum notifies the determined access level and/or the establishment cause value to a radio resource control (RRC) layer; and the radio resource control layer performs the access barring check.

In another embodiment, the access level and/or the establishment cause value may be determined in a radio resource control layer; wherein the mapping of the access attempt to an access level, the access attempt, and Establishing one or more of a mapping relationship of the cause value, a mapping relationship between the access level and the establishment cause value, may be defined at the radio resource control layer, or may be performed by the network device through the radio resource control layer. Signaling to the user equipment. The non-access stratum provides parameters for determining the access level to the radio resource control layer; and the radio resource control layer performs the access barring check.

In another embodiment, the access level and/or the establishment cause value may be determined in a plurality of different layers; wherein the mapping of the access attempt to the access level, the access attempt, and One or more of establishing a mapping relationship of the cause value, a mapping relationship between the access level and the establishment cause value, may be defined in a layer in which the access attempt is initiated or a layer in which the radio resource control state is specific.

For example, determining the access level in a layer or a radio resource control state specific layer initiating the access attempt, and/or determining a layer of the access level or a layer specific to the radio resource control state The establishment cause value is determined.

The layer that initiates the access attempt may include one or more layers, and/or one or more entities: an application layer, an IP layer, a NAS layer, an RRC layer, or a user plane; the radio resource control The state-specific layer may include one or more layers, and/or one or more entities: a NAS layer when the user equipment is in an idle state, an RRC layer when the user equipment is in a deactivated state, and a user equipment is in a connected state. User face at the time.

In this embodiment, when the multiple different layers determine a plurality of different access levels, the non-access stratum or the radio resource control layer may select one of the multiple different access levels. Level.

As shown in FIG. 5, the access control apparatus 500 may further include:

a timer processing unit 505 that processes one or more timers for access control; wherein each timer corresponds to one or a set or all access levels;

The timer starting unit 506 starts the one or more timers.

For example, the timer includes a user equipment specific prohibition timer; the timer activation unit 506 applies to the user equipment specific prohibition timer at the access level, and performs the access according to the access level. The result of the forbidden check is that the user equipment specific prohibition timer is started in the case that the access corresponding to the access level is prohibited; and the access prohibition checking unit 502 is further configured to: in the user equipment If the specific prohibition timer is running, the access prohibition check is not performed on all or specified or configured access levels of the user equipment, and the access attempt corresponding to the access level is determined or connected. Entry is prohibited.

For another example, the timer includes a user equipment specific allowable timer; the timer starting unit 506 applies the user equipment specific allowable timer at the access level, and performs the connection according to the access level. If the result of the prohibition check is that the access corresponding to the access level is allowed, the user equipment specific allowable timer is started; and the access prohibition check unit 502 is further configured to: in the user In the case that the device-specific allowable timer is running, the access prohibition check is not performed on all or specified or configured access levels of the user equipment, and the access attempt corresponding to the access level is determined or Access is allowed.

For another example, the timer includes an access level specific prohibit timer or an access level group specific prohibit timer; the timer starting unit 506 applies to the access level specific prohibit timer at the access level. Or the access level specific prohibition timer, and if the access prohibition check is performed according to the access level, if the access corresponding to the access level is prohibited, the access level specific is activated. The prohibition timer or the access level group specific prohibition timer; and the access prohibition checking unit 502 is further configured to: the access level specific prohibition timer or the access level group specific In the case that the prohibition timer is running, the access prohibition check is not performed on the access level or the access level group, and the access level or the access attempt corresponding to the access level group is determined. Or access is prohibited.

For another example, the timer includes an access level-specific enable timer or an access level group-specific allowable timer; the timer enable unit 506 applies to the access level-specific allowable timer at the access level. Or accessing the level-specific allowable timer, and if the result of the access prohibition check according to the access level is that the access corresponding to the access level is allowed, the access level specific is activated. Allowing a timer or the access level group specific allowable timer; and the access barring checking unit 502 is further operable to: specify an allowable timer or the access level group specific at the access level In the case that the timer is allowed to run, the access prohibition check is not performed on the access level or the access level group, and the access level or the access attempt corresponding to the access level group is determined. Or access is allowed.

It is to be noted that the above description has been made only for the respective components or modules related to the present invention, but the present invention is not limited thereto. The access control device 500 may also include other components or modules. For specific contents of these components or modules, reference may be made to related technologies.

Moreover, for the sake of simplicity, only the connection relationship or signal direction between the various components or modules is exemplarily shown in FIG. 5, but it should be clear to those skilled in the art that various related technologies such as bus connection can be employed. The above various components or modules may be implemented by hardware facilities such as a processor, a memory, a transmitter, a receiver, etc.; the implementation of the present invention is not limited thereto.

It can be seen from the foregoing that, when the UE performs an access attempt in different scenarios (for example, different RRC states, including an idle state, an inactive state, and a connected state), for example, the access level corresponding to the access attempt is uniquely determined; In the case where the access level cannot be uniquely determined, multiple access levels are processed. Therefore, it is convenient to perform access prohibition check based on the access level, and implement a unified access control mechanism.

Example 4

Embodiments of the present invention provide an access control apparatus. The device may be, for example, a network device or some or some of the components or components of the network device. The same contents of the fourth embodiment and the second embodiment will not be described again.

FIG. 6 is a schematic diagram of an access control apparatus according to an embodiment of the present invention. As shown in FIG. 6, the access control apparatus 600 includes:

The configuration sending unit 601 sends, to the user equipment, configuration information for configuring a mapping relationship between the access attempt and the access level, so that the user equipment determines the access attempt based on the mapping relationship between the access attempt and the access level. Corresponding access level;

a request receiving unit 602, which receives a connection establishment request message or a connection recovery request message sent by the device;

The connection determining unit 603 determines whether to allow the connection establishment request or the connection recovery request of the user equipment.

In this embodiment, the configuration sending unit 601 is further configured to: send, to the user equipment, configuration information for configuring a mapping relationship between the access attempt and the establishment cause value or a mapping relationship between the access level and the establishment cause value. And determining, by the user equipment, the establishment cause value corresponding to the access attempt based on a mapping relationship between the access attempt and the establishment cause value or a mapping relationship between the access level and the establishment cause value.

In this embodiment, the configuration sending unit 601 is further configured to: send, to the user equipment, configuration information for configuring one or more timers for performing access control; wherein each timer corresponds to one or One or all access levels.

It is to be noted that the above description has been made only for the respective components or modules related to the present invention, but the present invention is not limited thereto. The access control device 600 may also include other components or modules. For specific contents of these components or modules, reference may be made to related technologies.

Moreover, for the sake of simplicity, only the connection relationship or signal direction between the various components or modules is exemplarily shown in FIG. 6, but it should be clear to those skilled in the art that various related technologies such as bus connection can be employed. The above various components or modules may be implemented by hardware facilities such as a processor, a memory, a transmitter, a receiver, etc.; the implementation of the present invention is not limited thereto.

It can be seen from the foregoing that, when the UE performs an access attempt in different scenarios (for example, different RRC states, including an idle state, an inactive state, and a connected state), for example, the access level corresponding to the access attempt is uniquely determined; In the case where the access level cannot be uniquely determined, multiple access levels are processed. Therefore, it is convenient to perform access prohibition check based on the access level, and implement a unified access control mechanism.

Example 5

The embodiment of the present invention further provides a communication system. Referring to FIG. 1, the same content as Embodiments 1 to 4 will not be described again. In this embodiment, the communication system 100 can include:

a network device 101 configured with the access control device 600 as described in Embodiment 4;

User equipment 102 is configured with access control device 500 as described in embodiment 3.

The embodiment of the present invention further provides a network device, which may be, for example, a base station, but the present invention is not limited thereto, and may be other network devices.

FIG. 7 is a schematic structural diagram of a network device according to an embodiment of the present invention. As shown in FIG. 7, network device 700 can include a processor 710 (eg, a central processing unit CPU) and memory 720; and memory 720 is coupled to processor 710. The memory 720 can store various data; in addition, a program 730 for information processing is stored, and the program 730 is executed under the control of the processor 710.

For example, processor 710 can be configured to execute program 730 to implement the access control method as described in embodiment 2. For example, the processor 710 may be configured to perform control of transmitting configuration information for configuring a mapping relationship of an access attempt to an access level to the user equipment, such that the user equipment is based on the access attempt to the access level. The mapping relationship determines an access level corresponding to the access attempt; receives a connection establishment request message or a connection recovery request message sent by the device; and determines whether to allow the connection establishment request or the connection recovery request of the user equipment.

In an embodiment, the processor 710 may be further configured to: send, to the user equipment, a mapping relationship between the access attempt and the establishment cause value or a mapping relationship between the access level and the establishment cause value. The configuration information is such that the user equipment determines the establishment cause value corresponding to the access attempt based on the mapping relationship between the access attempt and the establishment cause value or the mapping relationship between the access level and the establishment cause value.

In an embodiment, the processor 710 may be further configured to perform control for transmitting, to the user equipment, configuration information for configuring one or more timers for performing access control; wherein each timer corresponds to One or a group or all access levels.

In addition, as shown in FIG. 7, the network device 700 may further include: a transceiver 740, an antenna 750, and the like; wherein the functions of the foregoing components are similar to the prior art, and details are not described herein again. It should be noted that the network device 700 does not have to include all the components shown in FIG. 7; in addition, the network device 700 may further include components not shown in FIG. 7, and reference may be made to the prior art.

The embodiment of the present invention further provides a user equipment, but the present invention is not limited thereto, and may be other devices.

FIG. 8 is a schematic diagram of a user equipment according to an embodiment of the present invention. As shown in FIG. 8, the user device 800 can include a processor 810 and a memory 820; the memory 820 stores data and programs and is coupled to the processor 810. It should be noted that the figure is exemplary; other types of structures may be used in addition to or in place of the structure to implement telecommunications functions or other functions.

For example, the processor 810 can be configured to execute a program to implement the access control method as described in embodiment 1. For example, the processor 810 may be configured to perform control of determining an access level corresponding to an access attempt based on a mapping relationship of an access attempt to an access level; performing an access prohibition check based on the access level to determine Whether the access corresponding to the access level is prohibited; and in the case of determining that the access is allowed, sending a connection establishment request message or a connection recovery request message to the network device.

In an embodiment, the processor 810 may be further configured to: control, according to a mapping relationship between the access attempt and the establishment cause value or a mapping relationship between the access level and the establishment cause value, to determine that the access attempt corresponds to The reason for establishing the cause.

In an embodiment, the processor 810 may be further configured to perform control of including the access level in the connection establishment request message or the connection recovery request based on an indication of the network device or based on a condition of the network device configuration. In the message, or the establishment cause value is included in the connection establishment request message or the connection recovery request message.

In an embodiment, the access level and/or the establishment cause value are determined in a non-access stratum (NAS, Non Access Stratum); wherein, the mapping relationship between the access attempt and the access level is One or more of a mapping relationship between the access attempt and the establishment cause value, the mapping relationship between the access level and the establishment cause value, and a letter defined by the non-access stratum or by the network device through the NAS layer Let the user know the device. And the non-access stratum notifies the determined access level and/or the establishment cause value to a radio resource control (RRC) layer; and the radio resource control layer performs the access barring check.

In an embodiment, determining the access level and/or the establishment cause value in a radio resource control layer; wherein, the mapping relationship between the access attempt to an access level, the access attempt, and a setup cause One or more of the mapping relationship of the value, the mapping relationship between the access level and the establishment cause value, is defined at the RRC layer or is notified to the user equipment by the network device through signaling of the RRC layer. The non-access stratum provides parameters for determining the access level to the radio resource control layer; and the radio resource control layer performs the access barring check.

In one embodiment, the access level and/or the establishment cause value is determined in a plurality of different layers; wherein the mapping of the access attempt to the access level, the access attempt, and the establishment cause One or more of the mapping relationship of the value, the mapping relationship between the access level and the establishment cause value, is defined in a layer in which the access attempt is initiated or a layer in which the radio resource control state is specific.

For example, determining the access level in a layer or a radio resource control state specific layer initiating the access attempt, and/or determining a layer of the access level or a layer specific to the radio resource control state The establishment cause value is determined. The layer that initiates the access attempt includes one or more layers or entities: an application layer, an IP layer, a NAS layer, an RRC layer, or a user plane; the radio resource control state specific layer includes one or more of the following Layer or entity: the NAS layer when the user equipment is in the idle state, the RRC layer when the user equipment is in the deactivated state, and the user plane when the user equipment is in the connected state.

In an embodiment, if the multiple different layers determine multiple different access levels, the non-access stratum or the radio resource control layer selects one of the multiple access levels. grade.

In one embodiment, the processor 810 can also be configured to perform control of processing one or more timers for access control; wherein each timer corresponds to one or a set of access levels.

For example, the timer includes a user equipment specific prohibit timer; the processor 810 can be further configured to perform control on the access level applicable to the user equipment specific prohibit timer, and according to the The result of the access prohibition check performed by the access level is that the access corresponding to the access level is prohibited. Initiating the user equipment specific prohibition timer; and in the case that the user equipment specific prohibition timer is running, not performing all the specified or configured access levels of the user equipment The prohibition check is performed, and it is determined that the access attempt or access corresponding to the access level is prohibited.

For example, the timer includes a user equipment specific allowable timer; the processor 810 can also be configured to perform control at which the access level is applicable to the user equipment specific allowable timer, and according to the When the access level performs the access prohibition check, if the access corresponding to the access level is allowed, the user equipment specific allow timer is started; and the user equipment specific allow timer is In the case of operation, the access prohibition check is not performed on all or specified or configured access levels of the user equipment, and it is determined that the access attempt or access corresponding to the access level is allowed.

For example, the timer includes an access level specific prohibit timer or an access level group specific disable timer; the processor 810 can also be configured to perform control on the access level applicable to the connection If a level-specific prohibition timer or an access level group-specific prohibition timer is entered, and the result of the access prohibition check according to the access level is that the access corresponding to the access level is prohibited, Generating the access level specific prohibit timer or the access level group specific prohibit timer; and operating at the access level specific prohibit timer or the access level group specific prohibit timer In the case, the access prohibition check is not performed on the access level or the access level group, and it is determined that the access level or the access attempt or access corresponding to the access level group is prohibited.

For example, the timer includes an access level specific allowed timer or an access level group specific allowable timer; the processor 810 can also be configured to perform control at which the access level is applicable to the If the level-specific allowable timer or the access level group-specific allowable timer is used, and the result of the access prohibition check according to the access level is that the access corresponding to the access level is allowed, Enabling the access level-specific allowed timer or the access level group-specific allowable timer; and allowing the timer or the access level-specific allowed timer to operate at the access level In the case, the access prohibition check is not performed on the access level or the access level group, and it is determined that the access level or the access attempt or access corresponding to the access level group is allowed.

As shown in FIG. 8, the user equipment 800 may further include: a communication module 830, an input unit 840, a display 850, and a power supply 860. The functions of the above components are similar to those of the prior art, and are not described herein again. It should be noted that the user equipment 800 does not have to include all the components shown in FIG. 8. The above components are not required; in addition, the user equipment 800 may further include components not shown in FIG. There are technologies.

The embodiment of the present invention further provides a computer readable program, wherein the program causes the network device to perform the access control method described in Embodiment 2 when the program is executed in a network device.

The embodiment of the present invention further provides a storage medium storing a computer readable program, wherein the computer readable program causes the network device to perform the access control method described in Embodiment 2.

The embodiment of the present invention further provides a computer readable program, wherein the program causes the user equipment to perform the access control method described in Embodiment 1 when the program is executed in a user equipment.

The embodiment of the present invention further provides a storage medium storing a computer readable program, wherein the computer readable program causes the user equipment to perform the access control method described in Embodiment 1.

The above apparatus and method of the present invention may be implemented by hardware or by hardware in combination with software. The present invention relates to a computer readable program that, when executed by a logic component, enables the logic component to implement the apparatus or components described above, or to cause the logic component to implement the various methods described above Or steps. The present invention also relates to a storage medium for storing the above program, such as a hard disk, a magnetic disk, an optical disk, a DVD, a flash memory, or the like.

The method/apparatus described in connection with the embodiments of the invention may be embodied directly in hardware, a software module executed by a processor, or a combination of both. For example, one or more of the functional blocks shown in the figures and/or one or more combinations of the functional blocks may correspond to the various software modules of the computer program flow or to the various hardware modules. These software modules may correspond to the respective steps shown in the figures. These hardware modules can be implemented, for example, by curing these software modules using a Field Programmable Gate Array (FPGA).

The software module can reside in RAM memory, flash memory, ROM memory, EPROM memory, EEPROM memory, registers, hard disk, removable disk, CD-ROM, or any other form of storage medium known in the art. A storage medium can be coupled to the processor to enable the processor to read information from, and write information to, the storage medium; or the storage medium can be an integral part of the processor. The processor and the storage medium can be located in an ASIC. The software module can be stored in the memory of the mobile terminal or in a memory card that can be inserted into the mobile terminal. For example, if a device (such as a mobile terminal) uses a larger capacity MEGA-SIM card or a large-capacity flash memory device, the software module can be stored in the MEGA-SIM card or a large-capacity flash memory device.

One or more of the functional blocks described in the figures and/or one or more combinations of functional blocks may be implemented as a general purpose processor, digital signal processor (DSP) for performing the functions described herein. ), application specific integrated circuit (ASIC), field programmable gate array (FPGA) or other programmable logic device, discrete Gate or transistor logic, discrete hardware components, or any suitable combination thereof. One or more of the functional blocks described with respect to the figures and/or one or more combinations of functional blocks may also be implemented as a combination of computing devices, eg, a combination of a DSP and a microprocessor, multiple microprocessors One or more microprocessors in conjunction with DSP communication or any other such configuration.

The present invention has been described in connection with the specific embodiments thereof, and it should be understood by those skilled in the art that A person skilled in the art can make various modifications and changes to the present invention within the scope of the present invention.

Claims (20)

1. An access control device includes:

   An access level determining unit, which determines an access level corresponding to the access attempt based on a mapping relationship between the access attempt and the access level;

   An access prohibition checking unit that performs an access barring check based on the access level to determine whether access corresponding to the access level is prohibited;

   A request sending unit that transmits a connection establishment request message or a connection recovery request message to the network device in a case where it is determined that the access is permitted.
2. The access control device of claim 1, wherein the access control device further comprises:

   The cause value determining unit determines the establishment cause value corresponding to the access attempt based on a mapping relationship between the access attempt and the establishment cause value or a mapping relationship between the access level and the establishment cause value.
3. The access control device according to claim 1, wherein the request transmitting unit includes the access level in the connection establishment request message or the connection recovery request based on an indication of a network device or based on a condition of network device configuration. In the message, or the establishment cause value is included in the connection establishment request message or the connection recovery request message.
4. The access control apparatus according to claim 1, wherein said access level and/or establishment cause value is determined in a non-access stratum;

   The mapping relationship between the access attempt and the access level, the mapping relationship between the access attempt and the establishment cause value, and one or more of the mapping relationship between the access level and the establishment cause value are defined. The user equipment is informed at the non-access stratum, or by the network device through signaling of the non-access stratum.
5. The access control apparatus according to claim 4, wherein said non-access stratum indicates or delivers said determined access level and/or said establishment cause value to a radio resource control layer; and said radio resource The control layer performs the access prohibition check.
6. The access control apparatus according to claim 1, wherein said access level and/or establishment cause value is determined in a radio resource control layer;

   The mapping relationship between the access attempt and the access level, the mapping relationship between the access attempt and the establishment cause value, and one or more of the mapping relationship between the access level and the establishment cause value are defined. The user equipment is notified at the radio resource control layer or by the network device through signaling of the radio resource control layer.
7. The access control apparatus according to claim 6, wherein the non-access stratum provides parameters for determining the access level to the radio resource control layer; and the radio resource control layer performs the access barring an examination.
8. The access control apparatus according to claim 1, wherein said access level and/or establishment cause value is determined in at least two layers;

   The layer for determining the access level and/or the establishment cause value includes: a layer that initiates the access attempt, and/or a layer that is determined according to a radio resource control state;

   The mapping relationship between the access attempt and the access level, the mapping relationship between the access attempt and the establishment cause value, and one or more of the mapping relationship between the access level and the establishment cause value are defined in the In the layer that determines the access level and/or the establishment cause value.
9. The access control apparatus according to claim 8, wherein said layer for initiating said access attempt comprises one or more layers, and/or one or more entities: an application layer, an IP layer, a NAS Layer, RRC layer or user plane;

   The layer determined according to the radio resource control state includes one or more layers, and/or one or more entities: a NAS layer when the user equipment is in an idle state, and an RRC layer when the user equipment is in a deactivated state, User plane when the user device is in the connected state.
10. The access control apparatus according to claim 8, wherein, in the case where the at least two layers determine at least two different access levels, the non-access stratum or the radio resource control layer from the at least two One access level is selected among different access levels.
11. The access control device of claim 1, wherein the access control device further comprises:

    A timer processing unit that processes one or more timers for access control; wherein each timer corresponds to one or a group or all access levels.
12. The access control apparatus according to claim 11, wherein the timer is configured by a radio resource control layer or a non-access stratum, and/or the timer is maintained by a radio resource control layer or a non-access stratum.
13. The access control device of claim 11, wherein the timer comprises a user equipment specific prohibition timer; the access control device further comprising:

    a timer activation unit that defines or configures the user equipment-specific prohibition timer at the access level, and the result of performing the access prohibition check according to the access level is that the access level corresponds to Initiating the user equipment specific prohibition timer if access is prohibited;

    The access prohibition checking unit is further configured to: perform the access prohibition check on all or specified or configured access levels of the user equipment if the user equipment specific prohibition timer is running. And determining that the access attempt or access corresponding to the access level is prohibited.
14. The access control device according to claim 11, wherein the timer includes a user equipment-specific allowable timer; the access control device further includes:

    a timer activation unit that defines or configures the user equipment-specific allowable timer at the access level, and the result of performing the access prohibition check according to the access level is that the access level corresponds to Initiating the user equipment specific allowable timer if access is allowed;

    The access prohibition checking unit is further configured to: perform the access prohibition check on all or specified or configured access levels of the user equipment if the user equipment specific allowed timer is running. And determining that the access attempt or access corresponding to the access level is allowed.
15. The access control device of claim 11, wherein the timer comprises an access level-specific inhibit timer or an access level group-specific inhibit timer; the access control device further comprising:

    a timer activation unit that defines or configures the access level-specific prohibition timer or an access level group-specific prohibition timer at the access level, and performs the access prohibition according to the access level If the result of the check is that the access corresponding to the access level is prohibited, the access level specific prohibition timer or the access level group specific prohibition timer is activated;

    The access prohibition checking unit is further configured to: when the access level specific prohibit timer or the access level group specific prohibit timer runs, the access level or the access is not performed The level group performs the access prohibition check, and determines that the access level or the access attempt or access corresponding to the access level group is prohibited.
16. The access control device according to claim 11, wherein the timer comprises an access level-specific allowable timer or an access level group-specific allowable timer; the access control device further comprising:

    a timer activation unit that defines or configures an access level-specific allowable timer or an access level group-specific allowable timer at the access level, and performs the access prohibition according to the access level If the result of the check is that the access corresponding to the access level is allowed, the access level-specific allow timer or the access level group-specific allowable timer is activated;

    The access prohibition checking unit is further configured to: if the access level specific allowed timer or the access level group specific allowed timer runs, the access level or the access is not performed Level group The access prohibition check is performed, and it is determined that the access level or the access attempt or access corresponding to the access level group is allowed.
17. An access control device includes:

    And a configuration sending unit, configured to send, to the user equipment, configuration information for configuring a mapping relationship between the access attempt and the access level, so that the user equipment determines, according to the mapping relationship between the access attempt and the access level, the access attempt Access level

    a request receiving unit that receives a connection establishment request message or a connection recovery request message sent by the device;

    A connection determining unit that determines whether to allow a connection establishment request or a connection recovery request of the user equipment.
18. The access control device according to claim 17, wherein the configuration sending unit is further configured to:

    Transmitting, to the user equipment, configuration information for configuring a mapping relationship between the access attempt and the establishment cause value or a mapping relationship between the access level and the establishment cause value, so that the user equipment is based on the access attempt and the establishment cause value The mapping relationship or the mapping relationship between the access level and the establishment cause value determines an establishment cause value corresponding to the access attempt.
19. The access control device according to claim 17, wherein the configuration sending unit is further configured to:

    Configuration information for configuring one or more timers for performing access control is sent to the user equipment; wherein each timer corresponds to one or a group or all access levels.
20. A communication system, the communication system comprising:

    User equipment comprising the access control device of claim 1;

    A network device comprising the access control device of claim 17.

Images